baffling sql string
Duncan Booth
duncan.booth at invalid.invalid
Wed Sep 27 08:34:48 EDT 2006
DarkBlue <nomail at nixmail.com> wrote:
> iq1="update MSGTALK set msgdate='NOW',subject='%s',talktext='%s' where msgno= %d " % (mysubject,mytalktext,mymsgno)
> try:
>     self.cur.execute(iq1)
Use parameterised queries and get rid of the quotes in the SQL:
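# The driver fills in the placeholders, not Python's % operator, so every
# value (including the integer msgno) uses %s and none of them is quoted.
iq1="update MSGTALK set msgdate='NOW',subject=%s,talktext=%s where msgno= %s "
try:
    # The values travel separately from the SQL text, as a tuple.
    self.cur.execute(iq1, (mysubject,mytalktext,mymsgno))
...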
Depending on your actual database you might need to use something other
than %s to specify the parameters. Check out 'paramstyle' for your database
connection.
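The difference between the two approaches in this thread, as an added example that is not part of the original post: it runs the interpolated and the parameterised UPDATE against a constructed in-memory SQLite table and picks the placeholder from the driver's `paramstyle`. The helper names (`update_sql`, `make_db`, `update_interpolated`, `update_parameterised`) and the table layout are assumptions made for illustration.

```python
import sqlite3

# Placeholder text for each PEP 249 paramstyle that takes positional arguments.
POSITIONAL = {"qmark": "?", "format": "%s", "numeric": ":{n}"}

def update_sql(paramstyle):
    """Build the UPDATE from the thread with the driver's own placeholder."""
    mark = POSITIONAL[paramstyle]  # KeyError for named/pyformat: those take a dict
    marks = tuple(mark.format(n=i) for i in (1, 2, 3))
    return ("update MSGTALK set msgdate='NOW', subject=%s, talktext=%s "
            "where msgno=%s" % marks)

def make_db():
    """Constructed in-memory table standing in for the poster's MSGTALK."""
    con = sqlite3.connect(":memory:")
    con.execute("create table MSGTALK (msgno integer primary key, "
                "msgdate text, subject text, talktext text)")
    con.execute("insert into MSGTALK (msgno) values (1)")
    return con

def update_interpolated(con, subject, talktext, msgno):
    """The quoted approach: the values are pasted into the SQL text."""
    iq1 = ("update MSGTALK set msgdate='NOW',subject='%s',talktext='%s' "
           "where msgno= %d " % (subject, talktext, msgno))
    try:
        con.execute(iq1)
        return "ok"
    except sqlite3.Error as exc:
        # An apostrophe in a value ends the SQL string literal early.
        return "error: %s" % exc

def update_parameterised(con, subject, talktext, msgno):
    """The suggested approach: fixed SQL text, values passed separately."""
    con.execute(update_sql(sqlite3.paramstyle), (subject, talktext, msgno))
    return con.execute("select subject, talktext from MSGTALK where msgno=?",
                       (msgno,)).fetchone()

if __name__ == "__main__":
    con = make_db()
    # Constructed sample values containing both kinds of quote.
    subject, talktext = "Re: Bob's question", 'He said "it\'s fine"'
    print(update_interpolated(con, subject, talktext, 1))
    print(update_parameterised(con, subject, talktext, 1))
```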